GDPR Compliance

Our Commitment to GDPR

Evergreen-path is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we ensure compliance and what rights you have regarding your personal data.

Data Controller

Evergreen-path acts as the data controller for personal information collected through this website and our services. We determine the purposes and means of processing personal data.

Contact details:
evergreen-path
47 Greenfield Lane
London, SW12 8QT
United Kingdom

Email: [email protected]

Lawful Basis for Processing

We process personal data based on one or more of the following lawful bases:

• Consent: Where you have given explicit consent for specific processing activities
• Contract: Where processing is necessary to perform a contract with you or take steps at your request before entering into a contract
• Legitimate Interest: Where processing is necessary for our legitimate business interests, provided these do not override your rights
• Legal Obligation: Where we need to process data to comply with legal requirements

Your Rights Under GDPR

As a data subject, you have the following rights:

• Right to be Informed: You have the right to know how your data is being collected and used
• Right of Access: You can request a copy of the personal data we hold about you
• Right to Rectification: You can request correction of inaccurate or incomplete data
• Right to Erasure: You can request deletion of your data in certain circumstances
• Right to Restrict Processing: You can request that we limit how we use your data
• Right to Data Portability: You can request your data in a machine-readable format
• Right to Object: You can object to certain types of processing, including direct marketing
• Rights Related to Automated Decision Making: You have rights concerning automated decisions that significantly affect you

Exercising Your Rights

To exercise any of these rights, please contact us using the details provided above. We will respond to your request within one month. In some cases, we may need to verify your identity before processing your request.

We will not charge a fee for most requests. However, if your request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on the request.

Data Security Measures

We implement appropriate technical and organisational measures to protect personal data, including:

• Secure storage of electronic data
• Access controls limiting who can view personal information
• Regular security assessments
• Staff training on data protection

Data Breach Procedures

In the event of a personal data breach that poses a risk to individuals' rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach poses a high risk, we will also notify affected individuals directly.

International Transfers

We do not routinely transfer personal data outside the United Kingdom. Should any transfer be necessary, we will ensure appropriate safeguards are in place in accordance with UK data protection requirements.

Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF

Website: ico.org.uk

Last updated: January 2024